51 comments

[ 3.0 ms ] story [ 128 ms ] thread
Some plots start the y axis at 0, and some do not. The "Oort Online" plot is especially misleading.
Yeah, these all desperately need to start at 0. The magnitude of the differences in a lot of these really don't matter much.
The WebXPRT test even seems to have a margin of error and Chrome and FF are in each others range.

I would like to see what they did to ensure a clean system state and whether they repeated the tests and averaged the results or just showed the first one.

All the major browsers perform well enough for the great majority of users. For me the differentiator is privacy with regard to the browser vendor and websites I visit, and for that I trust only Mozilla because of their mission and track record (and I use some add-ons).

I've read that Chrome is more secure, in terms of integrity when attacked, which of course can help privacy (i.e., confidentiality). I've read that it's due to Chrome's security model, but I'd be interested if someone would be willing to describe it in more detail.

"For me the differentiator is privacy with regard to the browser vendor and websites I visit, and for that I trust only Mozilla because of their mission and track record (and I use some add-ons)."

Are you concerned about Firefox's previous integrations with Pocket [1] and Firefox Hello [2]?

[1]: https://groups.google.com/forum/#!msg/mozilla.governance/2PY...

[2]: https://news.ycombinator.com/item?id=9668526

I don't remember the details of those issues, other than concluding that the risks were way overblown and they were easy to disable.
> For me the differentiator is privacy [...] for that I trust only Mozilla [...] (and I use some add-ons).

What FF add-ons and/or configuration do you recommend? I use Privacy Badger, AdBlock Plus and HTTPS Everywhere.

In Firefox Options, I clear cookies at the end of every session.

If I had Private Mode always active, then I could use Firefox's own Tracking Protection, but I thought Privacy Badger is enough and is made by the EFF which I trust.

I'm assuming you are an advanced user who can understand and manage these add-ons, and also diagnose the occasional website malfunctions that they cause. Here are some of the most useful I know about:

---

* uMatrix: Use this for five minutes and I think you'll be sold on it. Essentially an application-level firewall for your web browser, which replaces several other add-ons. Controls cookies, JavaScript, plugins, frames, provides connection-level privacy blacklists, and all at a granular level, using firewall-style rules for local (to the website) & remote pairs: e.g.,

  * * * DENY   # Deny all default
  cnn.com googleapis.com javascript ALLOW
But the most impressive part is the GUI, the "matrix", which allows you to visualize as well as create/remove rules very efficiently, with a click (though you can still write them manually if you like). Like a well-made car, it's so well-designed and executed that it's a pleasure to drive. Real firewalls should use this GUI.

---

* NoScript: Does far more than block JavaScript, and provides a bunch of security that uMatrix does not:

https://news.ycombinator.com/item?id=12624596

---

* Decentraleyes: A local cache of common CDNs and other resources. It protects privacy by minimizing connections to CDNs, should reduce bandwidth, and can help performance in some cases. From their documentation:

- Supported Networks: Google Hosted Libraries, Microsoft Ajax CDN, CDNJS (Cloudflare), jQuery CDN (MaxCDN), jsDelivr (MaxCDN), Yandex CDN, Baidu CDN, Sina Public Resources, and UpYun Libraries.

- Bundled Resources: AngularJS, Backbone.js, Dojo, Ember.js, Ext Core, jQuery, jQuery UI, Modernizr, MooTools, Prototype, Scriptaculous, SWFObject, Underscore.js, and Web Font Loader.

---

* HTTPS Everywhere: For the reference of others reading this comment, it's an EFF project that uses a whitelist of websites which accept https connections and forces the browser to connect to them over the secure protocol.

---

* CsFire: CSRF detection and protection. Also technically interesting.

https://distrinet.cs.kuleuven.be/software/CsFire/

Try Self-destructing Cookies, BetterPrivacy, Decentraleyes, Google Search Link Fix, Random Agent Spoofer, and RefControl.

Chrome gives far less control over privacy. (Consider the business motivations of Mozilla vs. Google.)

You can also add a file called user.js to your Firefox profile folder with these settings to make it better:

https://gist.github.com/j127/8627698e47612eaf9d2bf4c633bbbb4...

Anything in about:config can be overridden in user.js.

You can use multiple Firefox profiles to launch separate browser profiles, each with different extensions. (I have an alias for that: `alias ff="firefox -P"`)

Ctrl-shift-p is a fast way to enter private browsing mode, which, by default, will keep your privacy extensions enabled. (You can ctrl-shift-n in Chromium/Chrome if you need to turn off all extensions for a quick look at something.)

Firefox for Android is also the only mobile browser that allows add-ons, so you can get your privacy tools and customizations there too.

Also check out the Firefox developer console. Go into settings and check the boxes until it's how you want it.

> (You can ctrl-shift-n in Chromium/Chrome if you need to turn off all extensions for a quick look at something.)

You can keep extensions enabled in Chrome as well when using incognito. You just have to explicitly enable it on the extensions menu for which extensions you want to keep enabled.

I generally don't do that, because I want one way to open a browser that has no extensions.

So I can go to Chrome (alt-6 to get to that virtual desktop) and then ctrl-shift-n to get a plain browser.

Firefox keeps the extensions on by default, so if I need to login to one site with different accounts, I can use ctrl-shift-p for a private window, or `$ firefox -P` for a different browser profile.

You might want to consider replacing ABP with µBlock Origin. It does the blocking more cleverly so it performs a lot better.
Just one thing worth mentioning. If you use the exact same filter lists in ABP and uBlock Origin[1] then the end result should be IDENTICAL (if it's not it's a bug) save for the fact that uBlock does things faster and more efficient.

Some people seem to get thrown off that uBlock might block more but that's only because it enables a few more filter lists by default. That being said the default are still designed to minimize false positives.

[1] https://github.com/gorhill/uBlock

> If I had Private Mode always active, then I could use Firefox's own Tracking Protection, but I thought Privacy Badger is enough and is made by the EFF which I trust.

If you enable uBlock Origin's Disconnect filters then Firefox's own tracking protection becomes redundant since the latter uses the Disconnect filter lists.

[1] https://github.com/gorhill/uBlock

i would recommend uBlock for Adblocking, saves CPUcycles and has no shady Businessmodel

  - HTTPS Everywhere
  - UMatrix
  - NoScript (for XSS/ABE etc.)
  - Self-Destructing Cookies
  - Better Privacy (for flash cookies)
  - Calomel SSL Validation
  - Disable WebRTC (can do this without the extension though)
  - Canvas Blocker (prevents canvas fingerprinting)
>All the major browsers perform well enough for the great majority of users.

I guess I'm in the minority then. Firefox is markedly slow in rendering and navigating large pages. Even searching inside the page is slow. Chrome doesn't even notice a difference. Edge is similarly indifferent to the page size, but it's buggy as hell in general.

It's infuriating that after all these years Firefox is still so much behind on basic performance.

What's infuriating to me (except that I've mellowed about it over the years) is that web pages use as much cpu and memory as they can get away with, up to the edge of un-usability. Pre-mature optimization being evil and all that.

FWIW here's a huge page with colored text and links (real html stuff), and it's quite snappy in firefox: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-st...

After moving from Firefox to Chromium about five years ago, I've gradually moved back. Initially for Self Destructing Cookies and NoScript, but the Reader View really is fantastic. I've found a locked down version of FF for reading, and Chromium for webapps works very well.
> I've read that Chrome is more secure, in terms of integrity when attacked, which of course can help privacy (i.e., confidentiality). I've read that it's due to Chrome's security model, but I'd be interested if someone would be willing to describe it in more detail.

The developer documentation[1] does a pretty good job at describing the security model and the defense in depth that it provides. Edge adopts a similar sandbox model although Chrome's is probably better. Their sandbox model allows them to leverage nearly all of the OS mitigations and security features that Windows[2] (and other's) have to offer.

One example of a major difference that can be enabled because of Chrome's model is the usage of Win32k.sys lockdown which is the only way which you can reduce the kernel attack surface on Windows. This is enabled for all renderer processes and may be enabled on plugin processes as well (not sure if that got enabled globally yet outside of field tests). Win32k lockdown blocks access to the entire GDI subsystem among some other things.

As far as I know Chrome and possibly chromium based browsers are the only ones who currently use the win32k lockdown mitigation.

[1] https://www.chromium.org/developers/design-documents/sandbox

[2] https://www.chromium.org/developers/design-documents/sandbox...

Would have been good to see Safari and Opera in the assessment too.
Well, modern Opera is very similar to Chrome, as it is Blink based. Agree about Safari.
As it was mentioned in another comment, you either leave out Safari or Edge, since there is no OS where both are available. Obviously, in order to obtain a meaningful comparison, you need to run all your tests on same OS and same HW specs.
You could easily use the same hardware, and maybe run Chrome in both OS – giving you a shared reference point. It'd also make the comparison useful to people using OS X.

Edit: I just ran the JetStream benchmark on OS X (El Cap). Results:

- Safari 10.1: 306.25 ± 5.8662

- Chrome 56: 198.77 ± 10.059

- Firefox 49: 234.56 ± 19.496 (ran it a second time after update: 235.04 ± 6.0682)

Their results:

- Chrome: 184 ± 2

- Firefox: 154 ± 4

- Edge: 219 ± 5

Yes, this would be interesting indeed.
Edge may be fast in benchmarks but in real life it's a buggy mess. Web pages look terrible and "fuzzy". Local testing with visual studio is broken. It works poorly with office 360 and bing maps.

This is just my experience. Only safari comes close to being a big a pain in the ass.

edge's interface looks like it was designed in an intern's spare time
To be honest, all metro style apps have the problems you described. Also, there are minor oddities that bug me. For example, while switching desktops, the edge window will appear blank for a split second before filling up with the content. This happens every time. I don't think it has anything to do with memory.
Latest Win10 update replaced the permission dialog box with the metro equivalent, keyboard shortcut lost, I cried a little inside.
since edge has gotten lastpass and adblock, I have been using it more and more. I haven't noticed pages looking fuzzy. it seems to work well but the fact that you can't right click and search in a new tab is frustrating.
> since edge has gotten lastpass and adblock

There's also an experimental version of uBlock for it as well[1].

[1] https://github.com/nikrolls/uBlock-Edge#microsoft-edge

Using uBlock requires reenabling it every time the browser launches, since unpacked extensions are disabled automatically each session. There is no documentation on how to package an extension to make it stick; this knowledge seems to be restricted to the select few developers that have Microsoft-endorsed extensions in the store.
I use Edge becuase the rendering and thw smoothness is superior to the other browsers, I just can't go back now.
It's not that I doubt the benchmarks, but Edge doesn't feel that fast. As others point out, the UI is also a little... weird. Why is the URL bar hidden by default, that just seems like a weird way of tricking people into using the Bing search box.
Sunspider was developed by WebKit and yet its browser is not featured on the benchmark
There's no version of Safari for Windows, or of Edge for Mac. So you need to leave one of these out when comparing on the same hardware/os combo.
Chrome and Safari are used by most users (on mobile and notebook/PC).

Both should be included in such benchmarks. Firefox is kind of popular on desktop, and IE11 is still pretty common if you look at corporate users.

> Chrome and Safari are used by most users (on mobile and notebook/PC).

Statistics for Notebook/PC:

> http://gs.statcounter.com/#desktop-browser-ww-monthly-201509...

This shows Safari has only a market share of 4,75%.

For mobile: As long as it is not possible to either run Safari under another mobile operating system or Apple allows allocate executable memory on iOS to let other browsers implement JIT there is no meaningful way to compare mobile browsers (in particular Safari),

FF's JS perf is just embarassing. Hopefully, when the new optimizations land (they're working on some now, IIRC) this will be improved.
(comment deleted)
Be sure to look at the numbers in the charts. Those bars there don't use the full axis and suffer from distorsion. It's the #1 don't in the list at http://www.eea.europa.eu/data-and-maps/daviz/learn-more/char...
Jebus, you weren't kidding... that's a lot of distortion.

In one example we're talking a visual difference of >50% which amounts to an actual difference of 80 "points" out of 10000, so <1%. (No, that's not a typo on my part.)

You have to wonder of most of the visual difference isn't actually just statistical noise at that point.

Came here to post just this. Really ridiculous, and sometimes the text even matches the distorted scale, saying things like "blew past the others" for a 1% win.
I cringed at the words "Firefox left it in the dust" (in comparison to Chrome for the Oort WebGL Benchmark). The actual scores were:

    Firefox: 10,000
    Chrome:   9,940

Hyperbole much?
FUCK THOSE RETARDED SCALES ON THE CHARTS!
The Edge JS performance is interesting for me wrt serverside rendering - previous benchmarks of the engines running on node (rather than the browser) I've seen have had V8 edging ChakraCore out on Octane circa May this year.

If this still the case? The relative Chakra performance looks pretty strong here.

this guys work for Microsoft..... so predictable...